Comment

Comment on Signal under fire for storing encryption keys in plaintext

Tramort@programming.dev ⁨2⁩ ⁨months⁩ ago

It is a super important detail, but it’s still unforgivable for an app that expects privacy to be part of its brand identity.

Sort:hotnew top

breadsmasher@lemmy.world ⁨2⁩ ⁨months⁩ ago

unforgivable

yeah absolutely agreed

source
brakebreaker101@lemmy.world ⁨2⁩ ⁨months⁩ ago
This is a big difference between privacy and security.

source
- Tramort@programming.dev ⁨2⁩ ⁨months⁩ ago
  Agreed
  
  But you can’t have privacy without security, and any privacy brand must have security in their bones.
  
  source
  - claudiop@lemmy.world ⁨2⁩ ⁨months⁩ ago
    You can’t encrypt anything without a key. This is the key. If it wasn’t in plaintext then it would be encrypted. Then you’d need a key for that. Where do you put it?
    
    Phone OSs have mechanisms to solve this. Desktop ones do not.
    
    source